ABSTRACT

In this report, a method for multiplying two elements from the Galois field $GF(2^{ms})$ is presented. This method provides a tradeoff between speed and complexity.



SERIAL-PARALLEL MULTIPLICATION IN GALOIS FIELDS


1. Multiplication over Subfields

In this note, we present a method for multiplying two elements from a Galois field over a subfield. Consider the Galois field $GF(2^{ms})$. This field contains the field $GF(2^s)$ as a subfield and may be regarded as an extension field of $GF(2^s)$. Let $\alpha$ be a primitive element in $GF(2^{ms})$. Then the set $\{1, \alpha, \alpha^2, \ldots, \alpha^{m-1}\}$ forms a basis for $GF(2^{ms})$ over the subfield $GF(2^s)$. Any element $z$ in $GF(2^{ms})$ can be expressed as a linear sum of $1, \alpha, \alpha^2, \ldots, \alpha^{m-1}$ over $GF(2^s)$ as follows:

$$z \triangleq z_0\alpha^0 + z_1\alpha + z_2\alpha^2 + \cdots + z_{m-1}\alpha^{m-1} \tag{1}$$

where $z_i \in GF(2^s)$ for $0 \le i < m$. There is a one-to-one correspondence between $z$ and the m-tuple $(z_0, z_1, \ldots, z_{m-1})$ over $GF(2^s)$ with respect to the basis $\{1, \alpha, \alpha^2, \ldots, \alpha^{m-1}\}$. The basis $\{1, \alpha, \ldots, \alpha^{m-1}\}$ is called the polynomial basis.

The trace of an element $z$ in $GF(2^{ms})$ with respect to $GF(2^s)$ is defined as

$$T_m(z) \triangleq z + z^{2^s} + z^{2^{2s}} + \cdots + z^{2^{(m-1)s}} \tag{2}$$

which is an element in $GF(2^s)$ [p. 111, 1]. The trace has the following properties:

1. For any $a \in GF(2^s)$ and $z \in GF(2^{ms})$,

$$T_m(az) = a\,T_m(z);$$

2. For any two elements $y$ and $z$ in $GF(2^{ms})$,

$$T_m(y+z) = T_m(y) + T_m(z).$$

With respect to the polynomial basis $\{1, \alpha, \alpha^2, \ldots, \alpha^{m-1}\}$, there exists another basis $\{\beta_0, \beta_1, \ldots, \beta_{m-1}\}$ for $GF(2^{ms})$ over $GF(2^s)$ such that

$$T_m(\alpha^i\beta_j) = \begin{cases} 0, & \text{for } i \ne j \\ 1, & \text{for } i = j \end{cases} \tag{3}$$

with $0 \le i, j < m$. The basis $\{\beta_0, \beta_1, \ldots, \beta_{m-1}\}$ is called the dual (or complementary) basis to $\{1, \alpha, \alpha^2, \ldots, \alpha^{m-1}\}$ over $GF(2^s)$. Any element $z$ in $GF(2^{ms})$ can be expressed in either of the following two forms:

1. polynomial form

$$z = a_0 + a_1\alpha + a_2\alpha^2 + \cdots + a_{m-1}\alpha^{m-1},$$

2. dual form

$$z = b_0\beta_0 + b_1\beta_1 + b_2\beta_2 + \cdots + b_{m-1}\beta_{m-1},$$

where $a_i$ and $b_i$ are elements in $GF(2^s)$ for $0 \le i < m$. These two forms can be converted to each other as follows:

1. $a_i = T_m(z\beta_i)$, and

2. $b_i = T_m(z\alpha^i)$,

for $0 \le i < m$.

Now we consider multiplying two elements from $GF(2^{ms})$. If one element is expressed in polynomial form and the other element is expressed in the dual form, then the multiplication can be achieved in a serial-parallel manner over the subfield $GF(2^s)$. This would give a trade-off between the complexity and speed in the implementation of a multiplier. Let $x$ and $y$ be two arbitrary elements in $GF(2^{ms})$. Express $x$ and $y$ in terms of the polynomial basis $\{1, \alpha, \alpha^2, \ldots, \alpha^{m-1}\}$ and its dual basis $\{\beta_0, \beta_1, \ldots, \beta_{m-1}\}$ respectively:

$$x = x_0 + x_1\alpha + x_2\alpha^2 + \cdots + x_{m-1}\alpha^{m-1}, \tag{4}$$

$$y = y_0\beta_0 + y_1\beta_1 + y_2\beta_2 + \cdots + y_{m-1}\beta_{m-1}, \tag{5}$$

where $x_i$ and $y_i$ are in $GF(2^s)$ for $0 \le i < m$. Consider the product $z = xy$ and express $z$ in dual form,

$$z = xy = z_0\beta_0 + z_1\beta_1 + \cdots + z_{m-1}\beta_{m-1} \tag{6}$$

where

$$z_i = T_m(z\alpha^i) \tag{7}$$

for $0 \le i < m$.

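Next we show how the coefficients of $z$ can be obtained from the coefficients of $x$ and $y$ in a serial manner. It follows from (5) to (7) that

$$z_i = T_m\left(x\alpha^i \sum_{\ell=0}^{m-1} y_\ell\beta_\ell\right) = y_0 T_m(x\alpha^i\beta_0) + y_1 T_m(x\alpha^i\beta_1) + \cdots + y_{m-1} T_m(x\alpha^i\beta_{m-1}). \tag{8}$$

Setting $i = 0$ in (8), we obtain

$$z_0 = y_0 T_m(x\beta_0) + y_1 T_m(x\beta_1) + \cdots + y_{m-1} T_m(x\beta_{m-1}). \tag{9}$$

Since $T_m(x\beta_i) = x_i$ for $0 \le i < m$, it follows from (9) that

$$z_0 = x_0 y_0 + x_1 y_1 + \cdots + x_{m-1} y_{m-1}. \tag{10}$$

In order to obtain the other $m-1$ coefficients of $z$, we define

$$y^{(i)} = y\alpha^i, \tag{11}$$

$$y^{(i+1)} = y^{(i)}\alpha. \tag{12}$$

Note that $y^{(0)} = y$. We express both $y^{(i)}$ and $y^{(i+1)}$ in dual forms:

$$y^{(i)} = y_0^{(i)}\beta_0 + y_1^{(i)}\beta_1 + \cdots + y_{m-1}^{(i)}\beta_{m-1}, \tag{13}$$

$$y^{(i+1)} = y_0^{(i+1)}\beta_0 + y_1^{(i+1)}\beta_1 + \cdots + y_{m-1}^{(i+1)}\beta_{m-1}, \tag{14}$$

where

$$y_j^{(i)} = T_m\left(y^{(i)}\alpha^j\right), \tag{15}$$

$$y_j^{(i+1)} = T_m\left(y^{(i+1)}\alpha^j\right). \tag{16}$$

It follows from (12) that, for $0 \le j < m$,

$$y_j^{(i+1)} = T_m\left(y^{(i+1)}\alpha^j\right) = T_m\left(y^{(i)}\alpha^{j+1}\right) = y_{j+1}^{(i)}. \tag{17}$$

Expression (17) gives a relationship between the coefficients of $y^{(i+1)}$ and those of $y^{(i)}$. From (14) and (17), we obtain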


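$$y^{(i+1)} = y_1^{(i)}\beta_0 + y_2^{(i)}\beta_1 + \cdots + y_{m-1}^{(i)}\beta_{m-2} + y_m^{(i)}\beta_{m-1}, \tag{18}$$

where

$$y_m^{(i)} = T_m\left(y^{(i)}\alpha^m\right) \tag{19}$$

can be determined:

$$T_m\left(y^{(i)}\alpha^m\right) = T_m\left(\sum_{\ell=0}^{m-1} y_\ell^{(i)}\beta_\ell\alpha^m\right) = y_0^{(i)} T_m(\beta_0\alpha^m) + y_1^{(i)} T_m(\beta_1\alpha^m) + \cdots + y_{m-1}^{(i)} T_m(\beta_{m-1}\alpha^m). \tag{20}$$

From (18) and (20), we see that the coefficients of $y^{(i+1)}$ are completely determined by the coefficients of $y^{(i)}$.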

Now we return to the coefficients of $z$. It follows from (7) that, for $0 \le i < m-1$,

$$z_{i+1} = T_m\left(z\alpha^{i+1}\right) = T_m\left(xy\alpha^{i+1}\right) = T_m\left(x y^{(i)}\alpha\right) = T_m\left(\sum_{j=0}^{m-1} x_j\alpha^j\, y^{(i)}\alpha\right) = \sum_{j=0}^{m-1} x_j T_m\left(y^{(i)}\alpha^{j+1}\right). \tag{21}$$

Combining (15) and (21), we have

$$z_{i+1} = x_0 y_1^{(i)} + x_1 y_2^{(i)} + \cdots + x_{m-2} y_{m-1}^{(i)} + x_{m-1} y_m^{(i)}. \tag{22}$$

Putting (10), (17) to (22) altogether, we see that the coefficients $z_0, z_1, \ldots, z_{m-1}$ of the product $z = xy$ in dual form can be generated from the coefficients of $x$ and $y$ in a serial manner with $m$ steps,


$$\begin{aligned}
z_0 &= x_0 y_0^{(0)} + x_1 y_1^{(0)} + \cdots + x_{m-2} y_{m-2}^{(0)} + x_{m-1} y_{m-1}^{(0)} \\
z_1 &= x_0 y_1^{(0)} + x_1 y_2^{(0)} + \cdots + x_{m-2} y_{m-1}^{(0)} + x_{m-1} y_m^{(0)} \\
z_2 &= x_0 y_1^{(1)} + x_1 y_2^{(1)} + \cdots + x_{m-2} y_{m-1}^{(1)} + x_{m-1} y_m^{(1)} \\
&\;\;\vdots \\
z_{m-1} &= x_0 y_1^{(m-2)} + x_1 y_2^{(m-2)} + \cdots + x_{m-2} y_{m-1}^{(m-2)} + x_{m-1} y_m^{(m-2)}
\end{aligned} \tag{23}$$

where

(1) $y_i^{(0)} = y_i$ for $0 \le i < m$, (24)

(2) $y_j^{(i)} = y_{j+1}^{(i-1)}$ for $0 < i < m-1$ and $1 \le j < m$, (25)

(3) $y_m^{(i)} = y_0^{(i)} T_m(\beta_0\alpha^m) + y_1^{(i)} T_m(\beta_1\alpha^m) + \cdots + y_{m-1}^{(i)} T_m(\beta_{m-1}\alpha^m)$. (26)


2. Serial-Parallel Multiplier

From the expressions of (23) to (26), we see that, if we multiply two elements $x$ and $y$ from $GF(2^{ms})$ in mixed forms, the coefficients of the product $z$ in dual form over $GF(2^s)$ can be determined from the coefficients of $x$ (in polynomial form) and $y$ (in dual form) in a serial manner with $m$ steps. At the i-th step, the coefficient

$$z_i = x_0 y_1^{(i-1)} + x_1 y_2^{(i-1)} + \cdots + x_{m-1} y_m^{(i-1)}$$

is formed. To form $z_i$, $m$ multiplications over $GF(2^s)$ are required. These $m$ multiplications can be carried out in a parallel (or direct) manner using either $m$ $GF(2^s)$ array multipliers or $m$ look-up tables. The coefficients $y_1^{(i-1)}, \ldots, y_m^{(i-1)}$ must be formed separately. From (26), we have

$$y_m^{(i-1)} = y_0^{(i-1)} T_m(\beta_0\alpha^m) + y_1^{(i-1)} T_m(\beta_1\alpha^m) + \cdots + y_{m-1}^{(i-1)} T_m(\beta_{m-1}\alpha^m). \tag{27}$$

To form $y_m^{(i-1)}$, $m$ multiplications over $GF(2^s)$ are needed. Each of these multiplications involves a fixed element, $T_m(\beta_j\alpha^m)$, from $GF(2^s)$. As a result, the implementation is simpler.

A general serial-parallel multiplier which realizes the multiplication algorithm presented in the previous section is shown in Figure 1. It consists of two parts. The top part forms the coefficients $z_0, z_1, \ldots, z_{m-1}$ of the product $z$, and is called the $z_i$-circuit. The lower part of Figure 1 forms the coefficients $y_m^{(0)}, y_m^{(1)}, \ldots, y_m^{(m-2)}$, and is called the $y_m^{(i)}$-circuit. The multiplication is completed in $m$ steps (or in $m$ clock times). The $z_i$-circuit requires $m$ $GF(2^s)$-multipliers, each multiplying two arbitrary elements from $GF(2^s)$. The $y_m^{(i)}$-circuit requires $m$ $GF(2^s)$-multipliers, each multiplying a fixed element and an arbitrary element from $GF(2^s)$. The overall multiplier also needs two ms-input s-output adders.
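The m-step procedure of (23) to (26) and the two circuits of Figure 1, as an added example in Python (not code from the report). It assumes $s = 2$, $m = 3$, the generating polynomial $X^6+X+1$ with $\alpha = X$, and illustrative function names; the dual basis is found by exhaustive search, and subfield elements are stored as elements of $GF(2^6)$ so one multiplier routine serves both fields.

```python
# Added example; assumed parameters s=2, m=3, GF(2^6) from X^6+X+1, alpha = X.
S, M, POLY, ALPHA = 2, 3, 0b1000011, 0b10
N = S * M
def gmul(a, b):
    """Product in GF(2^N); also stands in for the GF(2^s) multipliers."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a >> N:
            a ^= POLY
        b >>= 1
    return r

def trace(z):
    """T_m(z) = z + z^(2^s) + ... + z^(2^((m-1)s)), equation (2)."""
    t = z
    for _ in range(M - 1):
        for _ in range(S):
            z = gmul(z, z)       # after s squarings: z -> z^(2^s)
        t ^= z
    return t

APOW = [1]                       # 1, alpha, ..., alpha^m
for _ in range(M):
    APOW.append(gmul(APOW[-1], ALPHA))
# Dual basis by exhaustive search: T_m(alpha^i beta_j) = [i == j], eq. (3).
BETA = [next(b for b in range(1 << N)
             if all(trace(gmul(APOW[i], b)) == (i == j) for i in range(M)))
        for j in range(M)]
C = [trace(gmul(b, APOW[M])) for b in BETA]   # fixed T_m(beta_j alpha^m), (26)

def poly_coeffs(x):              # x_i = T_m(x beta_i)
    return [trace(gmul(x, b)) for b in BETA]
def dual_coeffs(y):              # y_i = T_m(y alpha^i)
    return [trace(gmul(y, APOW[i])) for i in range(M)]

def serial_parallel(xc, yc):
    """Dual-form coefficients z_0..z_{m-1} of xy in m steps, eqs. (23)-(26)."""
    y, z = list(yc), []
    for _ in range(M):
        zi = ym = 0
        for xj, cj, yj in zip(xc, C, y):
            zi ^= gmul(xj, yj)   # z-circuit: two arbitrary GF(2^s) inputs
            ym ^= gmul(cj, yj)   # y_m-circuit: one fixed GF(2^s) input
        z.append(zi)
        y = y[1:] + [ym]         # shift: y_j^(i+1) = y_(j+1)^(i)
    return z
```

Each pass of the outer loop is one clock time of Figure 1: the m products feeding `zi` and the m fixed-input products feeding `ym` are what the hardware computes in parallel.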

Suppose we implement the serial-parallel multiplier of Figure 1 by using $GF(2^s)$ array multipliers. Each $GF(2^s)$ array multiplier with two arbitrary inputs requires $s^2$ AND gates to form the partial products, $(s-1)^2$ two-input X-OR gates to add the partial products and then approximately $(s-1)(i-1)$ two-input X-OR gates to reduce the sum to an s-bit symbol in $GF(2^s)$. A $GF(2^4)$ array multiplier with generating polynomial $X^4+X+1$ is shown in Figure 2. A $GF(2^s)$ array multiplier with one fixed input requires no AND gates and less than $(s-1)^2 + (s-1)(i-1)$ two-input X-OR gates. Now consider the implementation of the serial-parallel multiplier using look-up tables (ROMs). For multiplying two arbitrary elements from $GF(2^s)$, a single look-up table requires a ROM of $2s$ inputs, $s$ outputs and $2^{2s}$ s-bit words. For multiplying an arbitrary element with a fixed element, the look-up table requires a ROM of $s$ inputs, $s$ outputs and $2^s$ s-bit words.

The multiplication of two elements from $GF(2^{ms})$ can be achieved by using a single Berlekamp's bit-serial multiplier [2]. This implementation is extremely simple; however, it takes $ms$ clock times to complete the multiplication, which is $s$ times longer than the serial-parallel multiplier over $GF(2^s)$ of Figure 1. If speed is critical, we may multiply two elements from $GF(2^{ms})$ directly by using a single $GF(2^{ms})$ array multiplier or a single look-up table. A single $GF(2^{ms})$ array multiplier would require $(ms)^2$ AND gates and approximately $(ms-1)^2 + (ms-1)(L-1)$ two-input X-OR gates, where $L$ is the number of terms in the generating polynomial for $GF(2^{ms})$. For the serial-parallel multiplier using $GF(2^s)$ array multipliers, a total of $m \cdot s^2$ AND gates and no more than $2m[(s-1)^2 + (s-1)(i-1)]$ two-input X-OR gates are needed. For large $m$ ($m > 3$), a single $GF(2^{ms})$ array multiplier requires many more AND and X-OR gates than the serial-parallel multiplier over $GF(2^s)$.

A single look-up table for direct multiplication of two arbitrary elements from $GF(2^{ms})$ requires a ROM of $2ms$ inputs, $ms$ outputs and $2^{2ms}$ ms-bit words. However, the serial-parallel multiplier of Figure 1 requires a total memory of $m(2^{2s} + 2^s)$ s-bit words, which is much smaller than $2^{2ms}$ for $m > 2$.

In summary, the serial-parallel multiplication over a subfield presented in this note provides a trade-off between speed and complexity.

Figure 1. A $GF(2^{ms})$ serial-parallel multiplier over $GF(2^s)$







